forked from p15670423/monkey
Modify "unscanned" messages for some techniques
+ other tiny changes in techniques' messages
This commit is contained in:
parent
ad771fb2ce
commit
172f72b730
|
@ -6,7 +6,7 @@ __author__ = "VakarisZ"
|
|||
|
||||
class T1035(UsageTechnique):
|
||||
tech_id = "T1035"
|
||||
unscanned_msg = "Monkey didn't try to interact with Windows services."
|
||||
unscanned_msg = "Monkey didn't try to interact with Windows services since it found no Windows machines."
|
||||
scanned_msg = "Monkey tried to interact with Windows services, but failed."
|
||||
used_msg = "Monkey successfully interacted with Windows services."
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ __author__ = "shreyamalviya"
|
|||
|
||||
class T1053(PostBreachTechnique):
|
||||
tech_id = "T1053"
|
||||
unscanned_msg = "Monkey did not try scheduling a job on Windows."
|
||||
unscanned_msg = "Monkey didn't try scheduling a job on Windows since it found no Windows machines."
|
||||
scanned_msg = "Monkey tried scheduling a job on the Windows system but failed."
|
||||
used_msg = "Monkey scheduled a job on the Windows system."
|
||||
pba_names = [POST_BREACH_JOB_SCHEDULING]
|
||||
|
|
|
@ -7,7 +7,7 @@ __author__ = "VakarisZ"
|
|||
|
||||
class T1075(AttackTechnique):
|
||||
tech_id = "T1075"
|
||||
unscanned_msg = "Monkey didn't try to use pass the hash attack."
|
||||
unscanned_msg = "Monkey didn't try to use pass the hash attack since it found no Windows machines."
|
||||
scanned_msg = "Monkey tried to use hashes while logging in but didn't succeed."
|
||||
used_msg = "Monkey successfully used hashed credentials."
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ __author__ = "VakarisZ"
|
|||
|
||||
class T1086(AttackTechnique):
|
||||
tech_id = "T1086"
|
||||
unscanned_msg = "Monkey didn't run powershell."
|
||||
unscanned_msg = "Monkey didn't run powershell since it found no Windows machines."
|
||||
scanned_msg = ""
|
||||
used_msg = "Monkey successfully ran powershell commands on exploited machines in the network."
|
||||
|
||||
|
|
|
@ -6,9 +6,9 @@ __author__ = "VakarisZ"
|
|||
|
||||
class T1129(UsageTechnique):
|
||||
tech_id = "T1129"
|
||||
unscanned_msg = "Monkey didn't try to load any DLL's."
|
||||
scanned_msg = "Monkey tried to load DLL's, but failed."
|
||||
used_msg = "Monkey successfully loaded DLL's using Windows module loader."
|
||||
unscanned_msg = "Monkey didn't try to load any DLLs since it found no Windows machines."
|
||||
scanned_msg = "Monkey tried to load DLLs, but failed."
|
||||
used_msg = "Monkey successfully loaded DLLs using Windows module loader."
|
||||
|
||||
@staticmethod
|
||||
def get_report_data():
|
||||
|
|
|
@ -7,7 +7,7 @@ __author__ = "shreyamalviya"
|
|||
|
||||
class T1154(PostBreachTechnique):
|
||||
tech_id = "T1154"
|
||||
unscanned_msg = "Monkey did not use the trap command."
|
||||
unscanned_msg = "Monkey didn't use the trap command since it found no Linux machines."
|
||||
scanned_msg = "Monkey tried using the trap command but failed."
|
||||
used_msg = "Monkey used the trap command successfully."
|
||||
pba_names = [POST_BREACH_TRAP_COMMAND]
|
||||
|
|
|
@ -8,7 +8,7 @@ __author__ = "shreyamalviya"
|
|||
|
||||
class T1156(PostBreachTechnique):
|
||||
tech_id = "T1156"
|
||||
unscanned_msg = "Monkey did not try modifying bash startup files on the system."
|
||||
scanned_msg = "Monkey tried modifying bash startup files on the system but failed."
|
||||
used_msg = "Monkey modified bash startup files on the system."
|
||||
unscanned_msg = "Monkey didn't try modifying bash startup files since it found no Linux machines."
|
||||
scanned_msg = "Monkey tried modifying bash startup files but failed."
|
||||
used_msg = "Monkey successfully modified bash startup files."
|
||||
pba_names = [POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION]
|
||||
|
|
|
@ -7,7 +7,7 @@ __author__ = "shreyamalviya"
|
|||
|
||||
class T1158(PostBreachTechnique):
|
||||
tech_id = "T1158"
|
||||
unscanned_msg = "Monkey did not try creating hidden files or folders."
|
||||
unscanned_msg = "Monkey didn't try creating hidden files or folders."
|
||||
scanned_msg = "Monkey tried creating hidden files and folders on the system but failed."
|
||||
used_msg = "Monkey created hidden files and folders on the system."
|
||||
pba_names = [POST_BREACH_HIDDEN_FILES]
|
||||
|
|
|
@ -7,7 +7,7 @@ __author__ = "shreyamalviya"
|
|||
|
||||
class T1166(PostBreachTechnique):
|
||||
tech_id = "T1166"
|
||||
unscanned_msg = "Monkey did not try creating hidden files or folders."
|
||||
scanned_msg = "Monkey tried creating hidden files and folders on the system but failed."
|
||||
used_msg = "Monkey created hidden files and folders on the system."
|
||||
unscanned_msg = "Monkey didn't try setting the setuid or setgid bits since it found no Linux machines."
|
||||
scanned_msg = "Monkey tried setting the setuid or setgid bits but failed."
|
||||
used_msg = "Monkey successfully set the setuid or setgid bits."
|
||||
pba_names = [POST_BREACH_SETUID_SETGID]
|
||||
|
|
|
@ -7,7 +7,7 @@ __author__ = "shreyamalviya"
|
|||
|
||||
class T1168(PostBreachTechnique):
|
||||
tech_id = "T1168"
|
||||
unscanned_msg = "Monkey did not try scheduling a job on Linux."
|
||||
unscanned_msg = "Monkey didn't try scheduling a job on Linux since it found no Linux machines."
|
||||
scanned_msg = "Monkey tried scheduling a job on the Linux system but failed."
|
||||
used_msg = "Monkey scheduled a job on the Linux system."
|
||||
pba_names = [POST_BREACH_JOB_SCHEDULING]
|
||||
|
|
|
@ -6,7 +6,7 @@ __author__ = "VakarisZ"
|
|||
|
||||
class T1197(AttackTechnique):
|
||||
tech_id = "T1197"
|
||||
unscanned_msg = "Monkey didn't try to use any bits jobs."
|
||||
unscanned_msg = "Monkey didn't try to use any bits jobs since it found no Windows machines."
|
||||
scanned_msg = "Monkey tried to use bits jobs but failed."
|
||||
used_msg = "Monkey successfully used bits jobs at least once in the network."
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ __author__ = "shreyamalviya"
|
|||
|
||||
class T1504(PostBreachTechnique):
|
||||
tech_id = "T1504"
|
||||
unscanned_msg = "Monkey did not try modifying powershell startup files on the system."
|
||||
scanned_msg = "Monkey tried modifying powershell startup files on the system but failed."
|
||||
used_msg = "Monkey modified powershell startup files on the system."
|
||||
unscanned_msg = "Monkey didn't try modifying powershell startup files since it found no Windows machines."
|
||||
scanned_msg = "Monkey tried modifying powershell startup files but failed."
|
||||
used_msg = "Monkey successfully modified powershell startup files."
|
||||
pba_names = [POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION]
|
||||
|
|
Loading…
Reference in New Issue